A typical requirement in the secure storage of sensitive data is a memory whose fields can be written once, with the assurance that a field, once written, can no longer be modified.
Some forms of secure data storage are based on cryptographic mechanisms that use a unique key to provide confidentiality and integrity of the stored data. However, such mechanisms only guarantee that the stored content was produced by the holder of the key, not that it is the most recent content; it is therefore sometimes possible to replace the stored data with earlier content of the secure memory. For example, if the state of the data at date T is stored in the secure storage and is changed (by setting a bit to 1) at date T′, the prior state can be restored by replacing the content of the secure storage with a copy taken at date T, and that copy will still pass the integrity check. In the case of a software update, a more recent version of the software may in this way be replaced by an older version, an undesirable process often referred to as rollback.
A one time programmable (OTP) memory is often used to store sensitive data that must be integrity- and/or confidentiality-protected. An OTP memory is a form of digital memory in which the state of each bit is locked by a fuse or anti-fuse. The memory can be programmed only once after manufacturing, by an irreversible physical process: opening a connection in the case of a fuse, or closing a connection in the case of an anti-fuse. Because of this irreversibility, data set to a given state in such a memory can no longer be modified. Some processors (baseband and application processors) embed a number of OTP memories containing at least one secret key unique to each chip. This key can then be used to provide the secure storage functionality often required by manufacturers to bind data to the platform.
OTP memory is, however, very costly per bit. In particular, for the storage of keys or hashes, which are at least 128 bits long, the cost of the required OTP capacity can be very high.
Moreover, a problem sometimes encountered when programming an OTP memory is a loss of power during the programming procedure, which leaves the field only partially written. When the OTP memory is reread after power has been restored, an error is indicated because the write was interrupted. The error alone, however, does not reveal whether it stems from the loss of power or from another cause, such as an unauthorized attempt to rewrite the OTP memory.
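The following model illustrates the three points made above: the fuse semantics of an OTP memory (bits can only go from 0 to 1, irreversibly), the rollback of MAC-protected storage by replaying a copy taken at date T, and the ambiguous error left by a power loss during programming. It is an added example written for this text, not code from the page or from any processor vendor. The class and function names, the key, the data strings and the choice of a thermometer-coded OTP counter bound into the MAC as an anti-rollback anchor are all constructed here for illustration; the page itself does not prescribe that mechanism, and the value-plus-complement encoding used for the integrity check is likewise an assumed, simplified stand-in for whatever check a real device applies.

```python
"""Toy model of the mechanisms the text describes: fuse-style write-once (OTP)
memory, rollback of cryptographically protected storage, and the ambiguous
error left by a power loss during OTP programming.  This is an added example,
not code from the page; every name, key and value in it is constructed here."""
import hashlib
import hmac
from typing import Optional

KEY = b"constructed-chip-unique-key"  # stands in for the per-chip secret key
TAG_LEN = 32


class OtpMemory:
    """Fuse-style OTP word: every bit starts at 0 and can only ever become 1."""

    def __init__(self, nbits: int) -> None:
        self.bits = [0] * nbits

    def program(self, value: int, power_fails_after: Optional[int] = None) -> None:
        """Blow the fuses for the 1 bits of `value`, one at a time.

        `power_fails_after=n` simulates a power loss after n fuses have been
        blown, leaving the word partially programmed.  Asking for a 0 where a
        fuse is already blown is impossible in hardware, so it raises."""
        blown = 0
        for i in range(len(self.bits)):
            want = (value >> i) & 1
            if want == 0 and self.bits[i] == 1:
                raise PermissionError(f"bit {i} is already programmed; cannot clear it")
            if want == 1 and self.bits[i] == 0:
                if power_fails_after is not None and blown >= power_fails_after:
                    return  # power lost: the remaining fuses stay at 0
                self.bits[i] = 1
                blown += 1

    def read(self) -> int:
        return sum(b << i for i, b in enumerate(self.bits))


# --- rollback against MAC-protected storage ---------------------------------

def seal(data: bytes, version: int) -> bytes:
    """Integrity-protect `data` with a keyed MAC that also covers `version`."""
    tag = hmac.new(KEY, version.to_bytes(4, "big") + data, hashlib.sha256).digest()
    return data + tag


def unseal(blob: bytes, version: int) -> Optional[bytes]:
    """Return the data if the tag verifies under `version`, else None."""
    data, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(KEY, version.to_bytes(4, "big") + data, hashlib.sha256).digest()
    return data if hmac.compare_digest(tag, expect) else None


def bump(counter: OtpMemory) -> None:
    """Advance a thermometer-coded counter by blowing the next fuse (0b1 -> 0b11 -> 0b111)."""
    counter.program((counter.read() << 1) | 1)


def rollback_demo(bind_counter: bool) -> bool:
    """True if an attacker's copy of the date-T blob is still accepted at date T'.

    bind_counter=False: the MAC covers a constant, as in the storage criticised
    above.  bind_counter=True: it covers the number of blown fuses in an OTP
    counter (assumed anti-rollback anchor, not prescribed by the text)."""
    counter = OtpMemory(8)

    def version() -> int:
        return bin(counter.read()).count("1") if bind_counter else 0

    storage = seal(b"software v1", version())   # state at date T
    stale_copy = storage                        # attacker records it
    bump(counter)                               # irreversible: one more fuse
    storage = seal(b"software v2", version())   # state at date T'
    storage = stale_copy                        # attacker restores the old copy
    return unseal(storage, version()) is not None


# --- power loss during programming vs. a tampering attempt ------------------

def program_field(mem: OtpMemory, value: int, power_fails_after: Optional[int] = None) -> None:
    """Store an 8-bit value next to its complement so a reader can check it (assumed encoding)."""
    mem.program(value | ((~value & 0xFF) << 8), power_fails_after)


def read_field(mem: OtpMemory) -> Optional[int]:
    """Return the value, or None (a bare 'error') if value and complement disagree."""
    word = mem.read()
    value, comp = word & 0xFF, word >> 8
    return value if value ^ comp == 0xFF else None


def power_loss_vs_tamper() -> tuple:
    """An interrupted write and an extra blown fuse read back as the same bare error."""
    interrupted = OtpMemory(16)
    program_field(interrupted, 0x5A, power_fails_after=3)   # power lost after 3 of 8 fuses
    tampered = OtpMemory(16)
    program_field(tampered, 0x5A)
    tampered.program(tampered.read() | 0x01)                # attacker blows one more fuse
    intact = OtpMemory(16)
    program_field(intact, 0x5A)
    return read_field(interrupted), read_field(tampered), read_field(intact)


if __name__ == "__main__":
    print("rollback accepted, MAC over constant:", rollback_demo(False))    # True
    print("rollback accepted, MAC over OTP counter:", rollback_demo(True))  # False
    print("(power loss, tamper, intact):", power_loss_vs_tamper())          # (None, None, 90)
```

Running the script shows the two failure modes side by side: with the MAC over a constant, the date-T copy is accepted at date T′ (rollback succeeds), whereas binding the popcount of a write-once counter into the MAC makes the stale copy fail verification because the counter cannot be wound back. The last line shows why the power-loss case is awkward in practice: the reader of the OTP field gets the same bare error for a write interrupted after three fuses as for a field an attacker has tried to alter by blowing one more fuse, so the error alone cannot attribute the cause.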